29132f88d6867b4163e042ba53b8a5fc350245097e81d71cc7b969ee5a694ef0

Sharing

Copy URL Twitter E-mail

General

Target

29132f88d6867b4163e042ba53b8a5fc350245097e81d71cc7b969ee5a694ef0
Size

14.3MB
MD5

1d527eea5e1a936d0a0bfbef8f98f8f2
SHA1

70ad78483be0af75a4d2feb7dc803c1fbc7bd66c
SHA256

29132f88d6867b4163e042ba53b8a5fc350245097e81d71cc7b969ee5a694ef0
SHA512

078c2de0e64701c3e5522c1ecf87f58613b62e38df8e618af9f725e6cfcbe1d9a7d56aae65bc48fba75a701b90ec086bedecce0712f4bb70211cafe690ccabfd
SSDEEP

393216:X8JzLnG1x/ZP6T9ncQRmCf98kxc7iBcqc:sJLGxxPMpc2Nf98kxFB+

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ISSetup.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ISSetup.dll	upx

Files

29132f88d6867b4163e042ba53b8a5fc350245097e81d71cc7b969ee5a694ef0
.zip
AutoRunAll.ico
Autorun.exe
.exe windows x86

b70afedd8347ea1ad51c8a1eadc14958

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
GetClientRect
DrawIcon
IsIconic
GetWindowLongA
SetWindowLongA
LoadIconA
PostQuitMessage
CopyIcon
SetCursor
EnableWindow
SendMessageA
LoadCursorA
PostMessageA
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
IsWindow
SetActiveWindow
EndDialog
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
GetWindow
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CreateWindowExA
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
wsprintfA
WinHelpA
GetCapture
GetTopWindow
CopyRect
ScreenToClient
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
InvalidateRect
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
WriteFile
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
MulDiv
SetLastError
InterlockedDecrement
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GetProfileStringA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
WinExec
Sleep
FreeEnvironmentStringsW

gdi32

PatBlt
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
GetDeviceCaps
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 740KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ISSetup.dll
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_Setup.dll
.dll windows x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98
Signer

Actual PE Digest

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorun.inf
chunqiu/specialPoints.ini
chunqiubig5/specialPoints.ini
data1.cab
data1.hdr
data2.cab
han/specialPoints.ini
hanbig5/specialPoints.ini
jin/InputEasy.exe
.exe windows x86

80debf69d4088c82a5f8820aff102941

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

penglue

PenGetAdaptationCharacter
PenDeleteAdaptationCharacter
PenGetAdaptationCharacterNumber
PenAutoLearn
PenEnd
PenInitialize
PenSelfLearnString
PenRecognize
PenSetParam

mousespy

MouseSpyGetParam
MouseSpyInstall
MouseSpyUninstall
MouseSpySetParam

libmgr

GetContent
GetContent2
??1CLibManager@@UAE@XZ
??0CLibManager@@QAE@XZ
ReadLibrary
?SetParam@CLibManager@@QAEXII@Z

lanmodel

GetBestResult

drawscript

DSExit
DSDrawNewPoint
DSClearScreen
DSInit
DSInitPen

sendfunc

Send_ComKey_ToApplication
Send_CTRL_C_ToApplication
Send_FuncKey_ToApplication
Send_IME_ToApplication
Send_CTRL_V_ToApplication

jtts_ml

jTTS_Play
jTTS_SetPlay
jTTS_GetStatus
jTTS_Stop
jTTS_End
jTTS_SetParam
jTTS_Init

kernel32

GetThreadLocale
lstrcmpiW
GetShortPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFlags
SizeofResource
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GlobalSize
FindResourceExW
GetFileAttributesW
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
SetErrorMode
GetTempFileNameW
GetDiskFreeSpaceW
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetLocalTime
RemoveDirectoryW
CreateDirectoryW
RaiseException
CreateThread
ExitThread
TerminateProcess
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStringTypeExW
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetConsoleCtrlHandler
GetLocaleInfoW
GetACP
GetOEMCP
SetEnvironmentVariableA
FindResourceA
GlobalAddAtomA
GetProfileStringA
GetTickCount
Sleep
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateProcessW
GetPrivateProfileIntW
GetLastError
CreateMutexW
SetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
CloseHandle
GetVersion
WinExec
lstrcpynA
GetSystemTime
GlobalAlloc
SearchPathW
GetStdHandle
GetFullPathNameW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
WritePrivateProfileStringW
lstrcmpW
lstrcmpiA
GetCurrentThread
VirtualProtect
lstrcmpA
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
MulDiv
SetLastError
lstrcpynW
GlobalGetAtomNameW
FormatMessageW
LocalFree
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
lstrlenA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
GlobalFree
LockResource
FindResourceW
LoadResource
lstrcatW
lstrlenW
lstrcpyW
DeleteFileW
CopyFileW
GetPrivateProfileStringW
WriteFile
CreateFileW
SetFilePointer
ReadFile
LCMapStringA
GetWindowsDirectoryW
GetVersionExW
CreateFileA
DeviceIoControl
GetProfileIntW

user32

PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatW
CharUpperW
GetDialogBaseUnits
GetSysColorBrush
GetDCEx
LockWindowUpdate
InsertMenuW
GetMenuStringW
RemoveMenu
DeleteMenu
CharNextW
CopyAcceleratorTableW
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetParent
IsRectEmpty
GetSystemMenu
DestroyIcon
ReuseDDElParam
SetMenu
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageW
DispatchMessageW
GetFocus
SetFocus
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxW
IsChild
WinHelpW
wsprintfW
GetClassInfoW
GetMenu
GetMenuItemCount
SetWindowPlacement
GetWindowTextLengthW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetLastActivePopup
SetWindowLongW
MapDialogRect
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
GetWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemID
WaitForInputIdle
EnumWindows
FindWindowExW
IsWindowEnabled
GetWindowTextW
GetClassNameW
CharNextA
EnableMenuItem
SetClipboardData
SetWindowTextW
ShowWindow
MoveWindow
SetWindowRgn
CheckMenuRadioItem
GetDlgCtrlID
SetWindowPos
GetParent
GetDC
InvertRect
IsClipboardFormatAvailable
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
SetCursorPos
SetMenuDefaultItem
TrackPopupMenu
CopyIcon
SetSystemCursor
SetCapture
LoadMenuW
GetSubMenu
GetForegroundWindow
SetForegroundWindow
GetCapture
ReleaseCapture
OffsetRect
IsWindowVisible
GetClipboardData
SetRect
WaitMessage
LoadStringW
GetMessageW
TranslateMessage
ValidateRect
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowThreadProcessId
GetCursorPos
ScreenToClient
SetCursor
InSendMessage
ReplyMessage
PostMessageW
ClientToScreen
WindowFromPoint
InvalidateRect
GetDesktopWindow
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
ReleaseDC
BringWindowToTop
IntersectRect
UnpackDDElParam
EnableWindow
PtInRect
InflateRect
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
IsWindow
CopyRect
GetKeyState
GetWindowRect
UpdateWindow
EqualRect
RegisterWindowMessageW
LoadCursorW
SetTimer
KillTimer
GetMessagePos
GetActiveWindow
GetClientRect
GetAsyncKeyState
AdjustWindowRectEx
AdjustWindowRect
CreatePopupMenu
AppendMenuW
FillRect
FrameRect
DrawFocusRect
SendMessageW
LoadIconW
LoadBitmapW
DrawIcon
RegisterClassW

gdi32

SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
SetBkMode
DeleteObject
GetClipRgn
SelectPalette
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
Escape
GetMapMode
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
DPtoLP
StretchDIBits
GetCharWidthW
CopyMetaFileW
CreateDCW
EnumFontFamiliesExW
GetTextColor
GetBkColor
LPtoDP
SelectObject
ExtTextOutA
GetTextExtentPointA
CreateRectRgn
RestoreDC
SaveDC
StartDocW
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetTextMetricsW
ExtTextOutW
Rectangle
PatBlt
GetTextExtentPoint32W
CreateEllipticRgn
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
CreateFontW
StretchBlt
GetObjectW
CreateCompatibleDC
BitBlt
PolyBezierTo
CreateDIBitmap
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyW
RegCloseKey

shell32

DragFinish
ShellExecuteW
Shell_NotifyIconW
ExtractIconW
SHGetFileInfoW
DragQueryFileW
SHAppBarMessage
DragAcceptFiles
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

comctl32

ImageList_ReplaceIcon
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Write
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

oledlg

OleUIBusyW

ole32

OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CoDisconnectObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
OleGetClipboard
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleRun
CoCreateInstance
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
VarCyFromStr
VarBstrFromCy
SafeArrayGetLBound
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayGetDim
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayAccessData
LoadTypeLi
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantCopy
SysStringByteLen
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SafeArrayAllocData
SysStringLen

netapi32

Netbios

Sections

.text
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jin/specialPoints.ini
jinbig5/InputEasy.exe
.exe windows x86

80debf69d4088c82a5f8820aff102941

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

penglue

PenGetAdaptationCharacter
PenDeleteAdaptationCharacter
PenGetAdaptationCharacterNumber
PenAutoLearn
PenEnd
PenInitialize
PenSelfLearnString
PenRecognize
PenSetParam

mousespy

MouseSpyGetParam
MouseSpyInstall
MouseSpyUninstall
MouseSpySetParam

libmgr

GetContent
GetContent2
??1CLibManager@@UAE@XZ
??0CLibManager@@QAE@XZ
ReadLibrary
?SetParam@CLibManager@@QAEXII@Z

lanmodel

GetBestResult

drawscript

DSExit
DSDrawNewPoint
DSClearScreen
DSInit
DSInitPen

sendfunc

Send_ComKey_ToApplication
Send_CTRL_C_ToApplication
Send_FuncKey_ToApplication
Send_IME_ToApplication
Send_CTRL_V_ToApplication

jtts_ml

jTTS_Play
jTTS_SetPlay
jTTS_GetStatus
jTTS_Stop
jTTS_End
jTTS_SetParam
jTTS_Init

kernel32

GetThreadLocale
lstrcmpiW
GetShortPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFlags
SizeofResource
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GlobalSize
FindResourceExW
GetFileAttributesW
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
SetErrorMode
GetTempFileNameW
GetDiskFreeSpaceW
GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetLocalTime
RemoveDirectoryW
CreateDirectoryW
RaiseException
CreateThread
ExitThread
TerminateProcess
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStringTypeExW
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetConsoleCtrlHandler
GetLocaleInfoW
GetACP
GetOEMCP
SetEnvironmentVariableA
FindResourceA
GlobalAddAtomA
GetProfileStringA
GetTickCount
Sleep
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateProcessW
GetPrivateProfileIntW
GetLastError
CreateMutexW
SetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
CloseHandle
GetVersion
WinExec
lstrcpynA
GetSystemTime
GlobalAlloc
SearchPathW
GetStdHandle
GetFullPathNameW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
WritePrivateProfileStringW
lstrcmpW
lstrcmpiA
GetCurrentThread
VirtualProtect
lstrcmpA
CreateEventW
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
MulDiv
SetLastError
lstrcpynW
GlobalGetAtomNameW
FormatMessageW
LocalFree
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
lstrlenA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
GlobalFree
LockResource
FindResourceW
LoadResource
lstrcatW
lstrlenW
lstrcpyW
DeleteFileW
CopyFileW
GetPrivateProfileStringW
WriteFile
CreateFileW
SetFilePointer
ReadFile
LCMapStringA
GetWindowsDirectoryW
GetVersionExW
CreateFileA
DeviceIoControl
GetProfileIntW

user32

PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
RegisterClipboardFormatW
CharUpperW
GetDialogBaseUnits
GetSysColorBrush
GetDCEx
LockWindowUpdate
InsertMenuW
GetMenuStringW
RemoveMenu
DeleteMenu
CharNextW
CopyAcceleratorTableW
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetParent
IsRectEmpty
GetSystemMenu
DestroyIcon
ReuseDDElParam
SetMenu
DestroyMenu
TranslateAcceleratorW
LoadAcceleratorsW
wvsprintfW
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageW
DispatchMessageW
GetFocus
SetFocus
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxW
IsChild
WinHelpW
wsprintfW
GetClassInfoW
GetMenu
GetMenuItemCount
SetWindowPlacement
GetWindowTextLengthW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetLastActivePopup
SetWindowLongW
MapDialogRect
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
GetWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMenuItemID
WaitForInputIdle
EnumWindows
FindWindowExW
IsWindowEnabled
GetWindowTextW
GetClassNameW
CharNextA
EnableMenuItem
SetClipboardData
SetWindowTextW
ShowWindow
MoveWindow
SetWindowRgn
CheckMenuRadioItem
GetDlgCtrlID
SetWindowPos
GetParent
GetDC
InvertRect
IsClipboardFormatAvailable
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
SetCursorPos
SetMenuDefaultItem
TrackPopupMenu
CopyIcon
SetSystemCursor
SetCapture
LoadMenuW
GetSubMenu
GetForegroundWindow
SetForegroundWindow
GetCapture
ReleaseCapture
OffsetRect
IsWindowVisible
GetClipboardData
SetRect
WaitMessage
LoadStringW
GetMessageW
TranslateMessage
ValidateRect
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowThreadProcessId
GetCursorPos
ScreenToClient
SetCursor
InSendMessage
ReplyMessage
PostMessageW
ClientToScreen
WindowFromPoint
InvalidateRect
GetDesktopWindow
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
ReleaseDC
BringWindowToTop
IntersectRect
UnpackDDElParam
EnableWindow
PtInRect
InflateRect
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
IsWindow
CopyRect
GetKeyState
GetWindowRect
UpdateWindow
EqualRect
RegisterWindowMessageW
LoadCursorW
SetTimer
KillTimer
GetMessagePos
GetActiveWindow
GetClientRect
GetAsyncKeyState
AdjustWindowRectEx
AdjustWindowRect
CreatePopupMenu
AppendMenuW
FillRect
FrameRect
DrawFocusRect
SendMessageW
LoadIconW
LoadBitmapW
DrawIcon
RegisterClassW

gdi32

SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
SetBkMode
DeleteObject
GetClipRgn
SelectPalette
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutW
Escape
GetMapMode
SetRectRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
DPtoLP
StretchDIBits
GetCharWidthW
CopyMetaFileW
CreateDCW
EnumFontFamiliesExW
GetTextColor
GetBkColor
LPtoDP
SelectObject
ExtTextOutA
GetTextExtentPointA
CreateRectRgn
RestoreDC
SaveDC
StartDocW
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetTextMetricsW
ExtTextOutW
Rectangle
PatBlt
GetTextExtentPoint32W
CreateEllipticRgn
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
CreateFontW
StretchBlt
GetObjectW
CreateCompatibleDC
BitBlt
PolyBezierTo
CreateDIBitmap
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyW
RegCloseKey

shell32

DragFinish
ShellExecuteW
Shell_NotifyIconW
ExtractIconW
SHGetFileInfoW
DragQueryFileW
SHAppBarMessage
DragAcceptFiles
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

comctl32

ImageList_ReplaceIcon
ord17
ord13
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Write
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

oledlg

OleUIBusyW

ole32

OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CoDisconnectObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
OleGetClipboard
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleRun
CoCreateInstance
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SafeArrayCreate
SafeArrayRedim
SysAllocStringByteLen
VarCyFromStr
VarBstrFromCy
SafeArrayGetLBound
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayGetDim
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayAccessData
LoadTypeLi
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnaccessData
SysAllocString
SysReAllocStringLen
VariantChangeType
VariantCopy
SysStringByteLen
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SafeArrayAllocData
SysStringLen

netapi32

Netbios

Sections

.text
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jinbig5/specialPoints.ini
layout.bin
ming2/specialPoints.ini
ming2big5/specialPoints.ini
qin/specialPoints.ini
qinbig5/specialPoints.ini
setup.exe
.exe windows x86

a5fd4def1510f7b3943f9807bf555a4d

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e0:21:01:78:b3:d4:61:95:de:96:92:a8:76:12:64:bb:74:39:de:75
Signer

Actual PE Digest

e0:21:01:78:b3:d4:61:95:de:96:92:a8:76:12:64:bb:74:39:de:75

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetShortPathNameA
SetEvent
HeapDestroy
GetDriveTypeA
GetExitCodeProcess
CopyFileA
lstrcpynA
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
GetCurrentThreadId
LoadLibraryA
SetFilePointer
LoadLibraryExA
GetTickCount
GetVersion
GetWindowsDirectoryA
FormatMessageA
LocalFree
SetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
SizeofResource
GetTempPathA
GlobalSize
FreeResource
GetLocalTime
GetCurrentProcessId
SearchPathA
FindNextFileA
GetTempFileNameA
TerminateProcess
IsBadReadPtr
VirtualQuery
VirtualProtect
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
lstrcmpA
GetCurrentThread
MoveFileExA
GetDiskFreeSpaceA
GetSystemDirectoryA
GetSystemInfo
GetPrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
lstrcpyA
lstrcmpiA
lstrlenA
GetSystemDefaultLangID
lstrcatA
SetLastError
GetLastError
WideCharToMultiByte
CompareStringA
CompareStringW
GetVersionExA
GetProcAddress
MulDiv
GetPrivateProfileSectionNamesA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetStartupInfoA
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
DeleteCriticalSection
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
Sleep
CloseHandle
InitializeCriticalSection
ReleaseMutex
CreateMutexA
ReadFile
WriteFile
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
CreateFileA
CreateThread
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
SetErrorMode
FindResourceExA
FindResourceA
LoadResource
LockResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
DeleteFileA
RemoveDirectoryA
AddAtomA
WritePrivateProfileStringA
GetAtomNameA
lstrlenW
CreateProcessA

user32

MoveWindow
EndDialog
LoadIconA
GetDlgItem
SendMessageA
SetDlgItemTextA
SetWindowLongA
DialogBoxIndirectParamA
CharUpperA
WaitForInputIdle
wsprintfA
GetWindowRect
GetWindowLongA
ShowWindow
IntersectRect
SetWindowTextA
RegisterClassExA
CreateWindowExA
GetClassNameA
GetDialogBaseUnits
EnumChildWindows
CallWindowProcA
CharLowerBuffA
GetDlgItemTextA
SetFocus
IsDlgButtonChecked
CheckDlgButton
BeginPaint
EndPaint
FillRect
ScreenToClient
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
GetWindowTextLengthA
GetWindowTextA
GetWindowPlacement
SendDlgItemMessageA
DefWindowProcA
GetPropA
EnableMenuItem
SetPropA
RemovePropA
IsWindow
GetSysColor
IsDialogMessageA
TranslateMessage
LoadImageA
CreateDialogParamA
GetDC
ReleaseDC
MessageBoxA
GetMessageA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
CharNextA
PostThreadMessageA
LoadStringA
SetActiveWindow
DestroyWindow
CreateDialogIndirectParamA
SetForegroundWindow
GetClientRect
EnableWindow
IsWindowEnabled
GetDesktopWindow
SetWindowRgn
GetWindowDC
UpdateWindow
InvalidateRect
DrawIcon
MapDialogRect
DrawFocusRect
InflateRect
DrawTextA
CopyRect
PostMessageA

gdi32

CreateCompatibleBitmap
CreateDCA
GetStockObject
GetTextExtentPoint32A
CreatePatternBrush
DeleteMetaFile
SetMetaFileBitsEx
SetStretchBltMode
SelectClipRgn
SetPixel
PatBlt
PlayMetaFile
StretchBlt
CreateBitmap
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateDIBitmap
SaveDC
SetBkMode
SetTextColor
TextOutA
RestoreDC
GetTextExtentPointA
CreateFontIndirectA
SetBkColor
CreateRectRgn
DeleteObject
CreateSolidBrush
GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
GetDeviceCaps
GetObjectA
CreateCompatibleDC
UnrealizeObject
SelectPalette
RealizePalette
SelectObject
BitBlt
DeleteDC
SetMapMode

advapi32

RegCloseKey
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc

ole32

StringFromGUID2
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
GetRunningObjectTable
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
VariantChangeType
GetErrorInfo
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantClear
VariantCopy
SysReAllocStringLen

lz32

LZCopy
LZOpenFileA
LZClose

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.ini
setup.inx
shang/specialPoints.ini
shangbig5/specialPoints.ini
song2/specialPoints.ini
song2big5/specialPoints.ini
top.bmp
yuan2/specialPoints.ini
yuan2big5/specialPoints.ini
zhou/specialPoints.ini
zhoubig5/specialPoints.ini
比克尔.url
.url

Sharing

General

Malware Config

Signatures

Files

b70afedd8347ea1ad51c8a1eadc14958

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 740KB - Virtual size: 740KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 351KB - Virtual size: 352KB

.rsrc Size: 128KB - Virtual size: 132KB

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 6B

.rsrc Size: 360KB - Virtual size: 357KB

.reloc Size: 4KB - Virtual size: 12B

80debf69d4088c82a5f8820aff102941

Headers

File Characteristics

Imports

penglue

mousespy

libmgr

lanmodel

drawscript

sendfunc

jtts_ml

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

netapi32

Sections

.text Size: 760KB - Virtual size: 760KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 40KB - Virtual size: 63KB

.idata Size: 20KB - Virtual size: 19KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 740KB - Virtual size: 740KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 351KB - Virtual size: 352KB

.rsrc
Size: 128KB - Virtual size: 132KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

63:83:74:e8:97:34:e0:90:48:df:f3:6f:7b:e1:f5:af:d2:f2:06:98
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 4KB - Virtual size: 6B

.rsrc
Size: 360KB - Virtual size: 357KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 760KB - Virtual size: 760KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 40KB - Virtual size: 63KB

.idata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 76KB - Virtual size: 76KB

.text
Size: 760KB - Virtual size: 760KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 40KB - Virtual size: 63KB

.idata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 76KB - Virtual size: 76KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

e0:21:01:78:b3:d4:61:95:de:96:92:a8:76:12:64:bb:74:39:de:75
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 276KB - Virtual size: 274KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 112KB - Virtual size: 109KB